gc: disable ASan fake-stack so conservative scanner works on gcc-built binaries

Define __asan_default_options() in main.c returning
"detect_stack_use_after_return=0". libasan's fake-stack feature
relocated each call's address-taken locals to its own region, so the
&probe captured in gc_note_host_frame at state init and the &probe
read inside gc_scan_stack lived in different regions with unmapped
pages between -- the conservative scanner walked between them and
SEGVed. detect_leaks stays on; heap-corruption / red-zone coverage
unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: leifericf

CHANGELOG.md

@@ -1,5 +1,35 @@
 # Changelog
 
+## v0.255.17 — Fix: Disable ASan fake-stack for conservative scanner
+
+After v0.255.16 let libasan print its full report on ubuntu-24.04
+x86_64, the report named the real bug: a SEGV inside `gc_scan_stack`
+at `src/gc/roots.c` reading from an unmapped page near `0x7f7a65220000`.
+Root cause is ASan's fake-stack (use-after-return detection) feature,
+which is default-on in gcc-built ASan binaries.
+
+When fake-stack is active, each function's address-taken locals are
+relocated to a separately allocated region. `&probe` recorded at state
+init (`gc_note_host_frame`) and `&probe` taken inside `gc_scan_stack`
+end up in **different** fake-stack regions, with unrelated heap pages
+between them. The conservative scanner walks word-by-word from one
+`&probe` toward the other, hits a guard page, and SEGVs.
+
+The `no_sanitize_address` attribute added in v0.255.14 only suppresses
+red-zone checks; it does not change where local addresses live. The
+correct fix is to disable fake-stack at the ASan runtime layer.
+
+Define `__asan_default_options()` in `main.c` (a weak hook libasan
+calls before `main`) that returns `"detect_stack_use_after_return=0"`
+when the binary is built with ASan. Use-after-return is a
+nice-to-have; the heap-corruption / red-zone class of bugs the
+release-gate ASan run actually targets is unaffected. `detect_leaks`
+remains on, so LSan continues to catch what ubuntu-24.04-arm was
+flagging in v0.255.15.
+
+macos-14 / windows-2022 / ubuntu-24.04-arm stayed green in v0.255.16;
+only ubuntu-24.04 x86_64 carried this layer.
+
 ## v0.255.16 — Fix: Defer to libsanitizer + filter JIT note from parity diff
 
 Two remaining CI matrix failures after v0.255.15:

main.c

@@ -754,6 +754,34 @@ static void crash_handler(int sig)
     raise(sig);
 }
 
+/* Weak hook called by libasan before main() runs. Disables fake-stack
+ * (use-after-return detection) so conservative stack scanning works.
+ * ASan's fake-stack feature relocates each function's address-taken
+ * locals into a separately allocated region; the address returned by
+ * &local for one call lives in a different region than another call's
+ * &local. gc_scan_stack uses &probe at scan time and gc_note_host_frame
+ * recorded another &probe at state init -- under fake-stack those two
+ * pointers can sit in different fake-stack regions with unmapped memory
+ * between them, so walking word-by-word from one to the other SEGVs.
+ * The other use-after-return-style coverage we'd lose is non-essential
+ * for catching the heap-corruption / red-zone class of bugs that
+ * release-gate's ASan run is actually meant to find. The detect_leaks
+ * setting stays on. */
+#if defined(__has_feature)
+#  if __has_feature(address_sanitizer)
+#    define MINO_BUILT_WITH_ASAN 1
+#  endif
+#elif defined(__SANITIZE_ADDRESS__)
+#  define MINO_BUILT_WITH_ASAN 1
+#endif
+#ifdef MINO_BUILT_WITH_ASAN
+const char *__asan_default_options(void);
+const char *__asan_default_options(void)
+{
+    return "detect_stack_use_after_return=0";
+}
+#endif
+
 static void install_crash_handler(mino_state_t *S)
 {
     const char *disabled = getenv("MINO_NO_CRASH_HANDLER");

src/mino.h

@@ -28,7 +28,7 @@
  */
 #define MINO_VERSION_MAJOR 0
 #define MINO_VERSION_MINOR 255
-#define MINO_VERSION_PATCH 16
+#define MINO_VERSION_PATCH 17
 
 /*
  * Human-readable version string of the *linked* runtime, e.g. "0.48.0".